BACKGROUND
Cybercriminals are targeting users who search for cracked software by promoting malicious websites to download installers which deploy a malware called NullMixer. This new malware dropper is infecting Windows devices with a dozen malware families simultaneously.
These infections range from password-stealing trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, cryptocurrency miners, and even further malware loaders.
MODUS OPERANDI
The malicious websites are using Search Engine Optimization (SEO) to stay at the top of search engine results, making them easy to find when searching for "cracks" or "keygens". When a user tries to download software from one of these sites, they are redirected multiple times and end up on a page containing download instructions and a password-protected ZIP file. When the user extracts and executes the file, the device becomes compromised with malware.
SYMPTOMS & IMPACT
• Heavy hard disk activity
• Increased CPU and memory utilization
• Unusual windows opening for no reason
• A noticeable performance issue on the infected device
• Sensitive data leakage
• Financial loss
RECOMMENDATIONS
• Only download software from trusted and official sources.
• Do not download pirated software or any other illegal content, even if you are redirected to it from a legitimate website.
• Check your financial accounts regularly to look for unknown transactions.